We claim: 

1 . A meffliod of updating keys that decrypt login tickets that log a user into 
multiple sitesAthe method comprising: 

generating a first key having a first version number; 

providing tickets encoded consistent with the first key, the ticket having a 

version number Corresponding to the first version number; 

generating a second key having a second version number; and 

when the second key becomes current at a site, providing tickets encoded 

consistent with the\second key, the ticket having a version number 

corresponding to the second version number. 

2. The method oV claim 1 wherein a different key is provided to each site, 
and wherein each key us encrypted for decoding at one site. 

3. The method of maim 1 and further including generating a configuration 
file to track keys for eacn site. 

4. The method of claim 1 wherein the key comprises key data and 
executable code for decrypung tickets. 

5. A computer readablelmedium having instructions stored thereon for 
causing a computer to perforAi a method of updating keys that decrypt login 
tickets that log a user into multiple sites, the method comprising: 

generating a first key Having a first version number; 

providing tickets encoded consistent with the first key, the ticket having a 

version number corresponding to the first version number; 

generating a second key Waving a second version number; and 

when the second key becomes current at a site, providing tickets encoded 

consistent with the second key, the ticket having a version number 

corresponding to the second version number. 
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6. A metltod of generating keys that decrypt login tickets that log a user into 
multiple sites, tme method comprising: 

generatirig a first key in the form of an executable having a first version 
number; 

generating\a second key in the form of an executable having a second 
version number; and 

providing am indication to a login server identifying which key is current 
for each site such thkt the tickets are properly encoded. 
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10 7. The method df claim 6 and further comprising distributing the key to 
multiple login servers in a secure manner. 

8. The method ofi claim 6 and further comprising updating a configuration 
file to track keys for each site. 
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9. A computer readable medium having instructions stored thereon for 
causing a computer to perform a method of generating keys that decrypt login 
tickets that log a user intb multiple sites, the method comprising: 

generating a first l^ey in the form of an executable having a first version 
number; 

generating a secon^ key in the form of an executable having a second 
version number; and 

providing an indication to a login server identifying which key is current 
for each site such that the ti okets are properly encoded. 



10. A system that gener; 



tes keys that decrypt login tickets that log a user into 
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multiple sites, the system copiprising: 

a key generator that generates a first key in the form of an executable 
having a first version number and generates a second key in the form of an 
executable having a second vfersion number; and 
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means for pVoviding information to a login server identifying which key 
is current for each site such that the tickets are properly encoded. 

11. A method of Updating keys that decrypt login tickets that log a user into 
multiple sites, the method comprising: 

generating a neiw key with an incremented version number; 

sending the new key to a partner site for use in decoding tickets with the 
incremented version number; 

updating key and version information for a login server; and 

generating tickets decodable by the new key when an indication that a 
key having a previous version number has expired. 



12. A computer readable medium having instructions stored thereon for 
causing a computer to perform a method of updating keys that decrypt login 
tickets that log a user intolmultiple sites, the method comprising: 

generating a new key with an incremented version number; 

sending the new kdy to a partner site for use in decoding tickets with the 
incremented version number; 



updating key and vi 



generating tickets decodable by the new key when an indication that a 



key having a previous versi 



rsion information for a login server; and 



Dn number has expired 



13. A method of updating a key used to decrypt tickets used to log into a site, 
the method comprising: 

key with a new version number; 
old current key having an old version number to 



receiving an updated 
setting a time for an 



expire; 



making the updated 



key the current key. 



1 4. The method of clain i 
making the updated key the 



13 wherein the key comprises executable code for 
current key. 
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15. The mithod of claim 13 and further comprising redirecting users 
attempting to Ibg into the site using the old current key. 



16. A computer readable medium having instructions stored thereon for 
causing a computer to perform a method of updating a key used to decrypt 
tickets used to lag into a site, the method comprising: 

receiving! an updated key with a new version number; 
setting a time for an old current key having an old version number to 
expire; 1 

making thte updated key the current key. 

17. A method pf updating a key used to decrypt tickets used to log into a site, 
the method comprising: 

receiving an updated key with a new version number; 
setting a time for an old current key having an old version number to 
expire; and 1 

making the Updated key the current key. 

18. A computer readable medium having instructions stored thereon for 
causing a computer to perform a method of updating a key used to decrypt 
tickets used to log into a site, the method comprising: 

receiving an ilpdated key with a new version number; 
setting a time for an old current key having an old version number to 
expire; and 1 

making the updated key the current key. 

19. A method of mlnaging keys used to decrypt tickets for logging onto a 
site, the method comprising: 

receiving a first ikey with a first version number; 
encrypting the first key using a hardware address; 
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changing a current key variable to the first version number; 
receiving a new key with an incremented version number; 
encrypiing the new key using a hardware address; and 
identifying the new key as the current key. 

5 \ 

20. Them method of claim 19 and further comprising setting a time for the 
first key identifymg when such key may no longer be used. 

21. The method of claim 20 wherein a user currently logged in may continue 
10. to use the first key until the time expires. 
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22. The method of claim 20 wherein new user may only use a ticket 
corresponding to tne second key when the second key is made the current key. 

15 23. The methodlof claim 20 wherein the time is set to a reauthorization time 
determined by the site. 

24. The method oif claim 19 wherein a new user using a previous version 
ticket will be redirected to obtain a ticket corresponding to the new key 
20 following the new keM being identified as the current key. 



25. The method of claim 19 wherein the new key is identified as the current 
key by changing the ciirrent key variable to the second version number. 



25 26, A computer readable medium having instructions stored thereon for 
causing a computer to perform a method of managing keys used to decrypt 

► a site, the method comprising: 
cey with a first version number; 
st key using a hardware address; 
30 changing a curreAt key variable to the first version number; 

receiving a new kfey with an incremented version number; 



tickets for logging onto 
receiving a first 
encrypting the fi 
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encrypting the new key using a hardware address; and 
identiMng the new key as the current key. 



27. A methdd of updating keys used to decrypt tickets used to log into 
multiple sites or\ a network, the method comprising: 

generating a new key with a new version number to take the place of an 
old key with an eld version number; 

storing th ^ new key on a site to be logged into by a user; 
changing a current key indication to the new key; 
allowing current logged in users to continue using the old key; and 
redirectinj J new users to a login server to obtain a ticket consistent with 
the new key. 



28. The methoU of claim 27 wherein the old key may be used by current 
logged in users fon a predetermined amount of time. 

29. The method! of claim 28 wherein the predetermined amount of time is no 
more than a reauthoVization time by which a current user is normally required to 
provide login infomiation. 

30. The method (if claim 28 wherein the predetermined amount of time may 
be set to zero to force all current and new users to login with a ticket consistent 
with the new key version. 

31 . The method of claim 27 wherein the ticket contains a version number 
consistent with the vej-sion number of the key which can decrypt it. 



32. The method oflclaim 27 wherein keys are encrypted by the site using a 
hardware address, andlstored by the site. 
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33. The method of claim 27 wherein a new key is generated based on a 
request of the site;. 

34. The method of claim 27 wherein keys are generated in an executable 
form which includes key information as well as code for decrypting tickets using 
the key information. 



35. Themethcjd 
authentication server 
login tickets. 



generating 
old key with an o 



of claim 27 wherein the keys are generated by an 
and are distributed to multiple login servers for providing 



36. A comput(;r readable mediimi having instructions stored thereon for 
causing a compute sr to perform a method of updating keys used to decrypt tickets 
used to log into multiple sites on a network, the method comprising: 

a new key with a new version number to take the place of an 
i version number; 
storing the new key on a site to be logged into by a user; 
changing alcurrent key indication to the new key; 
allowing cilrrent logged in users to continue using the old key; and 
redirecting new users to a login server to obtain a ticket consistent with 
the new key. 



37. A method of logging on to multiple sites, the method comprising: 

sending a fiAit login ticket to a desired site, wherein the login ticket is 
encrypted to be decided by a first key having a first version number; 

receiving an Indication that the first key has expired; 

obtaining a second login ticket from an authentication server, wherein the 
second login ticket is encrypted consistently with a new key having a second 
version number; and 

sending the sA:ond login ticket to the site to log into the site. 
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38. Theme 



od of claim 37 wherein the tickets contain a version number 



which is readal le without decryption. 

39. The metthod of claim 38 wherein the version number is a one digit Hex 
integer. 



40. The methbd of claim 38 wherein the encrypted ticket comprises an 
unencrypted version number, and encrypted information sufficient to log a user 
into a desired site. 



41. Acomput 
causing a comput 



method comprisir g: 



sending a 



r readable medium having instructions stored thereon for 
?r to perform a method of logging on to multiple sites, the 



irst login ticket to a desired site, wherein the login ticket is 
encrypted to be dicoded by a first key having a first version number; 
receiving j tn indication that the first key has expired; 

second login ticket from an authentication server, wherein the 
is encrypted consistently with a new key having a second 



obtaining L 
second login ticke 
version number; aid 

sending the 
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second login ticket to the site to log into the site. 



An encrypted ticket for use in logging on to a website, the ticket 
comprising: 

an unencrypted version number corresponding to a key version number 
stored on the websi e; and 

an encrypted string identifying the website and information, which when 



decrypted using the 
for logging the user 



key having the same version number authenticates the user 
into the website. 
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